In the past year, unidentified hackers broke into supposedly secure US government IT systems. The agencies affected included the State Department and the White House. Separately, hackers, who were ten miles away from the vehicle, used digital radio to take control of a Jeep Cherokee driven by a journalist from Wired. Another hacker logged into the engine control system of a United Airlines plane in mid-flight through its on-board Wi-Fi system. The hacker made the plane momentarily turn sideways.
These are just a few of the serious hacking incidents reported in the last twelve months. Many known breaches are never made public either for security reasons or to avoid embarrassment, or both. Some hacks are carried out by benevolent enthusiasts and reputable security experts to draw attention to vulnerabilities. The Jeep and United Airlines hacks are in that category. Yet known breaches are just the tip of the iceberg. Security experts warn that the vast majority of hacking incidents are never discovered, and most hackers are far from altruistic individuals. Since expert hackers can break into the most sensitive computer systems on Earth or take control of cars and aircraft, there is little doubt that the world has a serious problem.
That problem will only get worse with the exponential growth of Internet connected gadgets collectively known as the Internet of Things (IoT). These tiny devices are used for a vast number of purposes from stress sensors on bridges to status sensors on domestic washing machines. According to Cisco, the network equipment manufacturer, over 15 billion such connected devices are currently in use – a figure they believe could reach 50 billion in less than five years. These devices send live status data over the Internet to central monitoring computers. Depending on the data, the systems decide on the ideal course of action. It could be to schedule a service call to replace a washing machine’s water pump before it fails, or to warn the municipal engineering department of a potential problem with a bridge cable. This technology dramatically increases efficiency and improves safety in a huge and growing number of areas. Unfortunately, it has a disturbing and sinister downside: Each digital electronic device is vulnerable to hacking.
Without the owner being aware, a hacker could, for example, take control of an Internet connected refrigerator, and use it to send spam emails, or store illicit data. More seriously, expert terrorist hackers could try to remotely hijack or bring down an aircraft, deactivate the brakes of multiple road vehicles simultaneously, or disable a municipal power grid.
Online vulnerabilities have existed for decades, but they have never been adequately addressed. Now the risks are accelerating and need to be tackled urgently. Two areas should be dealt with immediately. The first and most obvious one is anti-hacking and anti-virus software. This defense has been around for nearly as long as computers and yet it hasn’t prevented hacking. It needs to be drastically improved. The second and most neglected area is legislation. For too long, computer and software manufacturers have hidden behind the small print of their user agreements. These agreements largely exonerate the companies of responsibility for any possible shortcomings in their products. That needs to change. Governments must introduce legislation that puts the onus on companies to ensure their products are safe and fit for purpose. Software and hardware systems used in critical applications, where flaws potentially endanger the health and safety of the general public, should require official certification before they can be sold to the public, just as pharmaceuticals do.
Of course, these changes would make software and hardware more expensive. In the long run, however, the increased costs would be far less than the costs of leaving things as they are. Doing nothing would be like allowing anyone anywhere to manufacture medicines and sell them to the general public without certification or restriction. Connected electronics have become as important to our lives as medicines, and, yet, they’re hardly regulated at all.
How crazy is that?